HttpWebRequest not finding SSL client certs in the 'Local Computer' store

From: Hari (anonymous_at_discussions.microsoft.com)
Date: 03/29/04 

Date: Mon, 29 Mar 2004 11:01:07 -0800

Hi,

I am trying to make a call to a web service using HttpWebRequest. HttpWebRequest finds SSL server cert from the 'Trusted Rooot CAs' store of 'Local Computer' but it does not seem to find SSL client certs from the 'Personal' store of 'Local Computer'. If I just move the SSL client certs into the 'Personal' store of 'Current User', then HttpWebRequest finds them.

I had read somewhere that the problem of HttpWebRequest not looking for certs in the Local Computer stores was fixed in the latest release of the .NET framework. Is that only fo the server's cert?

I am using the .NET faremework 1.1 (v1.1.4322). I have a web service client that does not use WSE 2.0 but uses HttpWebRequest directly. The web service itself requires SSL client auth.

Setup:
STEP 1: I imported the SSL server cert into the 'Trusted Rooot CAs' store of the Local Computer (thru the mmc).
STEP 2: I imported the SSL client cert into the 'Personal' store of the Local Computer (thru the mmc).
STEP 3: I exported the client cert (without exporting the private keys) into a DER encoded .CER file.

Code:
1: I used X509Certificate.CreateFromCertFile() to create a X509Certificate object from the .CER file created in STEP 3 above.
2: I added this cert to the HttpWebRequest using httpRequest.ClientCertificates.Add(cert);

However the cert is not being sent to the web service.

Now, if in STEP 2, I import the SSL client cert into the 'Personal' store of the Current User (and remove it from the the 'Personal' store of the Local Computer), then eveything works fine and the client cert is successfully sent to the web service (note: the server cert is still in the Local Computer store).

The reason I need the client and server certs in the Local Computer stores is because I need to put this client into an ASP.NET web page.

Thanks
Hari

Relevant Pages

  • Bad Key
    ... I am working on a demo with WSE using WS-Security. ... This was then installed in the local computer under the Trusted Root ... Then I publish a web service which uses this same cert to encrypt ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: L2TP Connection Issue
    ... where should the Root Cert show up? ... Local computer or Personal? ... > The client needs the root certificate that the server's certificate chains ... The server needs the root certificate that the client's certificate ...
    (microsoft.public.isa.vpn)
  • HttpWebRequest not finding SSL client certs in the Local Computer store
    ... I had read somewhere that the problem of HttpWebRequest not looking for certs in the Local Computer stores was fixed in the latest release of the .NET framework. ... I imported the SSL server cert into the 'Trusted Rooot CAs' store of the Local Computer. ... I imported the SSL client cert into the 'Personal' store of the Local Computer. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: HttpWebRequest and SSL client certs in the Local Computer store
    ... I know the cert is on the machine properly b/c when I go ... > client that does not use WSE 2.0 but uses HttpWebRequest directly. ... > store of the Local Computer. ...
    (microsoft.public.dotnet.security)
  • HttpWebRequest and SSL client certs in the Local Computer store
    ... I imported the SSL server cert into the 'Trusted Rooot CAs' store of the Local Computer. ... I imported the SSL client cert into the 'Personal' store of the Local Computer. ...
    (microsoft.public.dotnet.security)